<?php
/*
YHM (Your Hosting Manager) - Copyright 2010 All Rights Reserved. - YHM Group
Released under the Simplified BSD Licence.

Website: http://yhm.co.uk
Licence: http://yhm.co.uk/about/#licence

file: member.php
author: Kieran D. (Polarbear541)
*/

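require_once("./global.php");

/*
 * Small helpers shared by the actions below. They are declared before the
 * switch so every case can use them, and they deliberately keep this file's
 * existing conventions (mysql_* API, TABLE_PREFIX, redirect()/error()/
 * random_str() from global.php) so other pages keep working unchanged.
 */

/**
 * Escape a value for output inside HTML text or a quoted attribute.
 *
 * Values that were passed through mysql_real_escape_string() on the way into
 * the database are NOT safe to print; SQL escaping says nothing about HTML.
 */
function member_html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/**
 * Escape a value for use inside a single-quoted SQL string literal.
 */
function member_sql($value)
{
    return mysql_real_escape_string((string) $value);
}

/**
 * Read one field from a request array, returning '' when it is absent so the
 * callers never trip an undefined-index notice.
 */
function member_input(array $source, $field)
{
    return isset($source[$field]) ? (string) $source[$field] : '';
}

/**
 * Compute the stored password digest for a password and salt.
 *
 * This reproduces the scheme already in the database,
 * md5(md5(salt . md5(password . salt))), so existing accounts keep working.
 * Callers pass the password through member_sql() before hashing exactly as
 * register/login always did; changing either step would lock users out.
 * NOTE(review): salted MD5 is not an acceptable password hash. Migrate to
 * password_hash()/password_verify() with rehash-on-login once PHP >= 5.5 is
 * available to this code base.
 */
function member_hash_password($password, $salt)
{
    return md5(md5($salt . md5($password . $salt)));
}

/**
 * Fetch the account row for a username, or false when exactly one row is not found.
 *
 * @param string $escapedUsername username already passed through member_sql();
 *        the session stores user_name in this escaped form (see do_login).
 */
function member_fetch_user($escapedUsername)
{
    $result = mysql_query("SELECT * FROM " . TABLE_PREFIX . "users WHERE username='" . $escapedUsername . "'");
    if (!$result || mysql_num_rows($result) !== 1) {
        return false;
    }
    return mysql_fetch_assoc($result);
}

/**
 * Group id of the logged-in user as a string ("1" admin, "0" client), or null
 * when the session is not authenticated.
 */
function member_session_gid()
{
    if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== true) {
        return null;
    }
    return isset($_SESSION['gid']) ? (string) $_SESSION['gid'] : null;
}

/**
 * Emit the XHTML document head shared by every page in this file.
 */
function member_page_head($title)
{
    echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>YHM - ' . member_html($title) . '</title>
<meta http-equiv="Content-Language" content="English" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" type="text/css" href="style.css" media="screen" />
</head>
<body>';
}

/**
 * Emit the <option> list for the country <select>, marking $selectedCode selected.
 *
 * Codes and names come from the database and are HTML-escaped on output.
 */
function member_country_options($selectedCode)
{
    echo "<option value=''>- Select A Country -</option>";

    $countries = mysql_query("SELECT * FROM " . TABLE_PREFIX . "countries");
    while ($countries && ($country = mysql_fetch_assoc($countries))) {
        $selected = ((string) $country['code'] === (string) $selectedCode) ? " selected='selected'" : "";
        echo "<option" . $selected . " value='" . member_html($country['code']) . "'>" . member_html($country['name']) . "</option>";
    }
}

/**
 * Report a failed write query to the user without leaking driver details.
 */
function member_query_failed()
{
    // The raw mysql_error() text belongs in the server log, not on the page.
    error_log("member.php: query failed: " . mysql_error());
    error("Your query failed. Please try again later.");
}

$action = member_input($_GET, 'action');
// Error codes are small integers chosen by this file; anything else becomes 0 (no error).
$error = (int) member_input($_GET, 'error');
session_start();
// user_name is kept SQL-escaped in the session (set in do_login); the rest of
// the application relies on that, so it is used in SQL literals as-is below.
$username = isset($_SESSION['user_name']) ? (string) $_SESSION['user_name'] : '';

switch ($action)
{

case "profile":
    // Only an authenticated user may view or edit a profile.
    if (member_session_gid() === null)
    {
        redirect("./member.php?action=login");
        exit();
    }

    $user = member_fetch_user($username);
    if ($user === false)
    {
        // The session names an account that no longer exists: end it.
        redirect("./member.php?action=logout");
        exit();
    }

    member_page_head("Edit Profile");

    if (member_session_gid() === "1")
    {
        include ("./admin/header.php");
    }
    else
    {
        include ("./client/header.php");
    }

    echo '<div id="content"><h2>Edit Profile</h2>';

    $profileErrors = array(
        1 => "Please fill in all the fields!",
        2 => "Old Password Incorrect!",
        3 => "New and Confirm Passwords do not Match!",
        4 => "Invalid email address!",
    );
    if (isset($profileErrors[$error]))
    {
        error($profileErrors[$error]);
    }

    // Stored profile values are escaped for HTML here; they were only SQL-escaped on the way in.
    echo "<form name='profile' method='post' action='./member.php?action=edit_profile'>
Full Name: <input name='name' type='text' value='" . member_html($user['name']) . "' />
Email: <input name='email' type='text' size='25' value='" . member_html($user['email']) . "' /><br /><br />
Address:<br /><textarea name='address' rows='5' cols='50'>" . member_html($user['address']) . "</textarea><br /><br />
Country: <select name='country'>";

    member_country_options($user['country']);

    echo "</select>
City/State: <input name='state' type='text' value='" . member_html($user['state']) . "' /><br /><br />
Zip/Post Code: <input name='zip' type='text' value='" . member_html($user['zip']) . "' /> Phone: <input name='phone' type='text' value='" . member_html($user['phone']) . "' /><br /><br />
<fieldset style='width: 400px;'><legend>Change Password: (Leave blank if not changing)</legend>
Current Password: <br /><input name='pass' type='password' /><br />
New Password: <br /><input name='npass' type='password' /><br />
Confirm New Password: <br /><input name='cpass' type='password' />
</fieldset><br />
<input type='submit' name='submit' value='Submit' /></form><br />";
    include "./footer.php";
    echo '</div></div></body></html>';
break;

case "edit_profile":
    // The previous version accepted this POST without checking the session at all.
    if (member_session_gid() === null)
    {
        redirect("./member.php?action=login");
        exit();
    }
    // NOTE(review): this handler has no CSRF token. Issuing a per-session token
    // with the profile form and checking it here is the standard mitigation.

    // SQL-escape the profile fields; they are only ever used inside quoted SQL literals.
    $emailRaw = member_input($_POST, 'email');
    $name = member_sql(member_input($_POST, 'name'));
    $email = member_sql($emailRaw);
    $address = member_sql(member_input($_POST, 'address'));
    $country = member_sql(member_input($_POST, 'country'));
    $state = member_sql(member_input($_POST, 'state'));
    $zip = member_sql(member_input($_POST, 'zip'));
    $phone = member_sql(member_input($_POST, 'phone'));

    // Passwords are escaped before hashing to stay compatible with existing hashes (see member_hash_password).
    $pass = member_sql(member_input($_POST, 'pass'));
    $npass = member_sql(member_input($_POST, 'npass'));
    $cpass = member_sql(member_input($_POST, 'cpass'));

    $anyPasswordField = ($pass !== '' || $npass !== '' || $cpass !== '');
    $allPasswordFields = ($pass !== '' && $npass !== '' && $cpass !== '');

    if ($name === '' || $email === '' || $address === '' || $country === '' || $state === '' || $zip === '' || $phone === '')
    {
        redirect("./member.php?action=profile&error=1");
        exit();
    }
    elseif ($anyPasswordField && !$allPasswordFields)
    {
        // A half-filled password change used to be silently ignored; tell the user instead.
        redirect("./member.php?action=profile&error=1");
        exit();
    }
    elseif (filter_var($emailRaw, FILTER_VALIDATE_EMAIL) === false)
    {
        redirect("./member.php?action=profile&error=4");
        exit();
    }
    elseif ($allPasswordFields && $npass !== $cpass)
    {
        redirect("./member.php?action=profile&error=3");
        exit();
    }

    $fields = "name='$name',email='$email',address='$address',country='$country',state='$state',zip='$zip',phone='$phone'";

    if ($allPasswordFields)
    {
        $user = member_fetch_user($username);
        // Strict comparison: with == two hex digests of the form "0e..." compare equal as numbers.
        if ($user === false || $user['password'] !== member_hash_password($pass, $user['salt']))
        {
            redirect("./member.php?action=profile&error=2");
            exit();
        }
        $salt = random_str(10);
        $fields .= ",password='" . member_hash_password($npass, $salt) . "',salt='" . member_sql($salt) . "'";
    }

    member_page_head("Edit Profile");
    include("./header.php");
    echo '<div id="content"><h2>Edit Profile</h2>';

    $query = mysql_query("UPDATE " . TABLE_PREFIX . "users SET $fields WHERE username='$username'");

    if (!$query)
    {
        member_query_failed();
    }
    else
    {
        echo "Profile Saved Successfully! <br />";
        echo "<a href='./member.php?action=profile'>Click here to go back if not redirected</a><br />";
        redirect("./member.php?action=profile", 2);
    }

    include "./footer.php";
    echo '</div></div></body></html>';
break;

case "register":
    // Already logged-in visitors are sent to their own area instead of the form.
    // (The old condition mixed || and && without parentheses and so never worked as intended.)
    $gid = member_session_gid();
    if ($gid === "1")
    {
        redirect("./admin/index.php");
        exit();
    }
    elseif ($gid !== null)
    {
        redirect("./client/index.php");
        exit();
    }

    member_page_head("Register");

    $page = "register";
    include("./header.php");

    echo '<div id="content"><h2>Register</h2>';

    $registerErrors = array(
        1 => "Please fill in all the fields!",
        2 => "Passwords do not match!",
        3 => "Username already in use!",
        4 => "Email already in use!",
        5 => "Invalid email address!",
    );
    if (isset($registerErrors[$error]))
    {
        error($registerErrors[$error]);
    }

    echo "<form name='register' method='post' action='./member.php?action=do_register'>
Username: <input name='username' type='text' />
Email: <input name='email' type='text' size='25' /><br />
Password: <input name='password' type='password' />
Confirm Password: <input name='confirm' type='password' /><br /><br />
Full Name: <input name='name' type='text' /><br /><br />
Address:<br /><textarea name='address' rows='5' cols='50'></textarea><br /><br />
Country: <select name='country'>";

    member_country_options('');

    echo "</select>
City/State: <input name='state' type='text' /><br /><br />
Zip/Post Code: <input name='zip' type='text' /> Phone: <input name='phone' type='text' /><br /><br />
<input type='submit' name='submit' value='Submit' /></form><br />";
    include "./footer.php";
    echo '</div></div></body></html>';
break;

case "do_register":
    $emailRaw = member_input($_POST, 'email');
    $username = member_sql(member_input($_POST, 'username'));
    // Passwords are escaped before hashing; member_hash_password() explains why.
    $password = member_sql(member_input($_POST, 'password'));
    $confirm = member_sql(member_input($_POST, 'confirm'));
    $email = member_sql($emailRaw);
    $name = member_sql(member_input($_POST, 'name'));
    $address = member_sql(member_input($_POST, 'address'));
    $country = member_sql(member_input($_POST, 'country'));
    $state = member_sql(member_input($_POST, 'state'));
    $zip = member_sql(member_input($_POST, 'zip'));
    $phone = member_sql(member_input($_POST, 'phone'));

    // All validation happens before any output so the redirects can still send headers.
    if ($username === '' || $password === '' || $confirm === '' || $email === '' || $name === '' || $address === '' || $country === '' || $state === '' || $zip === '' || $phone === '')
    {
        redirect("./member.php?action=register&error=1");
        exit();
    }
    elseif ($password !== $confirm)
    {
        redirect("./member.php?action=register&error=2");
        exit();
    }
    elseif (filter_var($emailRaw, FILTER_VALIDATE_EMAIL) === false)
    {
        // Also keeps newlines out of the address handed to mail() below.
        redirect("./member.php?action=register&error=5");
        exit();
    }
    elseif (member_fetch_user($username) !== false)
    {
        redirect("./member.php?action=register&error=3");
        exit();
    }

    $emaildupe = mysql_query("SELECT * FROM " . TABLE_PREFIX . "users WHERE email='$email'");
    if ($emaildupe && mysql_num_rows($emaildupe) !== 0)
    {
        redirect("./member.php?action=register&error=4");
        exit();
    }

    member_page_head("Register");

    $page = "register";
    include("./header.php");

    echo '<div id="content"><h2>Register</h2>';

    $salt = random_str(10);
    $password = member_hash_password($password, $salt);
    $activationkey = random_str(10);

    // Positional INSERT: the value order must match the users table definition.
    $query = mysql_query("INSERT INTO " . TABLE_PREFIX . "`users` VALUES (NULL, '$username', '$password', '" . member_sql($salt) . "', '$email', '0', '" . member_sql($activationkey) . "', '$name', '$address', '$country', '$state', '$zip', '$phone', '0')");

    if (!$query)
    {
        member_query_failed();
    }
    else
    {
        $activationLink = $settings['url'] . "/member.php?action=activate&email=" . urlencode($emailRaw) . "&key=" . urlencode($activationkey);
        $message = "Dear $username,

To complete the registration process you will need to go to the URL below in your web browser.

$activationLink

If the above link does not work correctly, go to

{$settings['url']}/member.php?action=activate

You will need to enter the following:
Email: $emailRaw
Activation Key: $activationkey

Thanks, YHM Team.";
        $from = $settings['sendmail'];
        $subject = "Account Activation for YHM";

        mail($emailRaw, $subject, $message, "From: $from");
        echo "Thank you for registering. An email has been sent with an activation key, please check your email to complete registration. <br />";
        echo "<a href='./member.php?action=login'>Click here to go back if not redirected</a><br />";
        redirect("./member.php?action=login", 2);
    }

    include "./footer.php";
    echo '</div></div></body></html>';
break;

case "activate":
    member_page_head("Activate Account");

    $page = "register";
    include("./header.php");

    echo '<div id="content"><h2>Activate Account</h2>';

    $key = member_sql(member_input($_REQUEST, 'key'));
    $email = member_sql(member_input($_REQUEST, 'email'));

    if ($key === '' || $email === '')
    {
        $message = "Please fill in the fields below with your email and activation key to complete your registration.<br /><form action='./member.php?action=activate' method='post'>Email: <input type='text' name='email' /><br />Key: <input type='text' name='key' /><br /><input type='submit' value='Activate' /></form>";
    }
    else
    {
        // TABLE_PREFIX was missing from both queries in this case.
        $check = mysql_query("SELECT * FROM " . TABLE_PREFIX . "users WHERE email = '$email' AND activationkey = '$key'");
        $account = ($check && mysql_num_rows($check) === 1) ? mysql_fetch_assoc($check) : false;

        if ($account === false)
        {
            $message = "Invalid Key/Email!";
        }
        elseif ((int) $account['status'] === 1)
        {
            $message = "Account Already Activated!";
        }
        else
        {
            $activate = mysql_query("UPDATE " . TABLE_PREFIX . "users SET status = '1' WHERE id = '" . member_sql($account['id']) . "'");
            $message = $activate ? "Account Activated Successfully!" : "Activation failed, please try again later.";
        }
    }

    echo $message;
    include "./footer.php";
    echo '</div></div></body></html>';
break;

case "lostpw":
    member_page_head("Lost Password");

    $page = "login";
    include("./header.php");

    echo '<div id="content"><h2>Lost Password</h2>';

    $username = member_sql(member_input($_POST, 'username'));
    $emailRaw = member_input($_POST, 'email');
    $email = member_sql($emailRaw);

    if ($username === '' || $email === '')
    {
        echo "Please enter your username and email below to start the process of resetting your password.<br /><br />
<form name='lostpw' method='POST' action='./member.php?action=lostpw'>
Username <input name='username' type='text' /><br />
Email: <input name='email' type='text' /><br /><br />
<input type='submit' /></form><br /><br />";
    }
    else
    {
        // TABLE_PREFIX was missing from this lookup.
        $userinfo = mysql_query("SELECT * FROM " . TABLE_PREFIX . "users WHERE username='$username' AND email='$email'");

        if ($userinfo && mysql_num_rows($userinfo) === 1 && filter_var($emailRaw, FILTER_VALIDATE_EMAIL) !== false)
        {
            $key = random_str(10);
            $insertkey = mysql_query("UPDATE " . TABLE_PREFIX . "users SET activationkey = '" . member_sql($key) . "' WHERE username = '$username'");

            if ($insertkey)
            {
                $resetLink = $settings['url'] . "/member.php?action=do_lostpw&email=" . urlencode($emailRaw) . "&user=" . urlencode($username) . "&key=" . urlencode($key);
                $message = "Dear $username,

You (or someone else possessing your username and email) have requested a password reset.
To confirm that this is you please click the link below, if this is not you that has requested this password reset then feel free to ignore this email.

$resetLink

Thanks, YHM Team.";
                $from = $settings['sendmail'];
                $subject = "Password Reset for $username on YHM";

                mail($emailRaw, $subject, $message, "From: $from");
            }
        }

        // Same response whether or not the pair matched, so the form cannot be
        // used to confirm which usernames and addresses have accounts.
        echo "If the username and email match an account, an email has been sent with instructions on how to reset your password.<br />";
    }

    include "./footer.php";
    echo '</div></div></body></html>';
break;

case "do_lostpw":
    member_page_head("Lost Password");

    $page = "login";
    include("./header.php");

    echo '<div id="content"><h2>Lost Password</h2>';

    $emailRaw = member_input($_GET, 'email');
    $email = member_sql($emailRaw);
    $username = member_sql(member_input($_GET, 'user'));
    $key = member_sql(member_input($_GET, 'key'));

    if ($email === '' || $username === '' || $key === '' || filter_var($emailRaw, FILTER_VALIDATE_EMAIL) === false)
    {
        error("Invalid Password Reset Link!");
    }
    else
    {
        $pass = random_str(10);
        $salt = random_str(10);
        // Hash the escaped form so do_login, which escapes before hashing, accepts it.
        $npass = member_hash_password(member_sql($pass), $salt);
        $newkey = random_str(10);

        // One statement both verifies and consumes the link: the WHERE clause
        // names the account (the previous UPDATE had no WHERE clause and reset
        // every user's password) and the key is rotated so the link is single-use.
        $changepass = mysql_query("UPDATE " . TABLE_PREFIX . "users SET password = '$npass', salt = '" . member_sql($salt) . "', activationkey = '" . member_sql($newkey) . "' WHERE username = '$username' AND email = '$email' AND activationkey = '$key'");

        if ($changepass && mysql_affected_rows() === 1)
        {
            $message = "Hi $username,

Your password has been successfully reset upon your request. Your new password is: $pass

Thanks, YHM Team.";
            $from = $settings['sendmail'];
            $subject = "Password Reset for $username on YHM";

            mail($emailRaw, $subject, $message, "From: $from");

            echo "Password successfully reset! Please check your email for your new password.<br />";
        }
        else
        {
            error("Invalid Password Reset Link!");
        }
    }

    include "./footer.php";
    echo '</div></div></body></html>';
break;

case "logout":
    // The session is already started at the top of the file.
    $_SESSION = array();
    if (ini_get("session.use_cookies"))
    {
        // Expire the session cookie as well, so the old id is not presented again.
        $cookie = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $cookie['path'], $cookie['domain'], $cookie['secure'], $cookie['httponly']);
    }
    session_destroy();
    redirect("./member.php?action=login");
    exit();
break;

case "login":
    // Already logged-in visitors go to their own area. Admins (gid 1) belong in
    // ./admin, matching do_login and the profile page; the old branches were swapped.
    $gid = member_session_gid();
    if ($gid === "1")
    {
        redirect("./admin/index.php");
        exit();
    }
    elseif ($gid !== null)
    {
        redirect("./client/index.php");
        exit();
    }

    member_page_head("Login");

    $page = "login";
    include("./header.php");

    echo '<div id="content"><h2>Login</h2>';

    if ($error === 1)
    {
        error("Incorrect Username/Password");
    }

    echo '<form name="loginform" method="post" action="./member.php?action=do_login">
Username: <input name="username" type="text" id="username" /><br />
Password: <input name="password" type="password" id="password" /><br />
<input type="submit" name="Submit" value="Login" />
<a href="./member.php?action=lostpw">Lost Password?</a>
</form><br />';
    include "./footer.php";
    echo '</div></div></body></html>';
break;

case "do_login":
    $username = member_sql(member_input($_POST, 'username'));
    // Escaped before hashing, as every other password path in this file does.
    $password = member_sql(member_input($_POST, 'password'));

    // One lookup by username; the digest is compared in PHP with === instead of
    // a second query (and instead of ==, which treats "0e..." digests as numbers).
    $user = member_fetch_user($username);
    $gid = ($user !== false) ? (string) $user['gid'] : null;
    $validPassword = ($user !== false && $password !== '' && $user['password'] === member_hash_password($password, $user['salt']));
    // NOTE(review): the account's activation status is not checked here, so an
    // unactivated account can log in; confirm whether that is intended.

    if ($validPassword && ($gid === "1" || $gid === "0"))
    {
        // Fresh session id on privilege change so a pre-set id cannot be reused (session fixation).
        session_regenerate_id(true);
        $_SESSION['user_name'] = $username; // kept SQL-escaped; other pages expect this form
        $_SESSION['loggedin'] = true;
        $_SESSION['gid'] = $gid;
        redirect($gid === "1" ? "./admin/index.php" : "./client/index.php");
        exit();
    }
    else
    {
        redirect("./member.php?action=login&error=1");
        exit();
    }
break;

default:
    redirect("./member.php?action=login");
    exit();
break;
}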
?>